From 5e20fdd77c83fab70019339dafe261ba43934f1f12d0884007967b6a42346b8f Mon Sep 17 00:00:00 2001 From: Kristyna Streitova Date: Thu, 4 Jan 2018 13:04:08 +0000 Subject: [PATCH] Accepting request 560965 from home:avindra - GNU tar 1.30: * Member names containing '..' components are now skipped when extracting. * Report erroneous use of position-sensitive options. * --numeric-owner now affects private headers too. * Fixed the --delay-directory-restore option * The --warnings=failed-read option * The --warnings=none option now suppresses all warnings * Fix reporting of hardlink mismatches during compare - cleanup with spec-cleaner - switch all urls to https - drop upstreamed patches * add-return-values-to-backup-scripts.patch * tar-1.29-extract_pathname_bypass.patch - rebase add_readme-tests.patch OBS-URL: https://build.opensuse.org/request/show/560965 OBS-URL: https://build.opensuse.org/package/show/Base:System/tar?expand=0&rev=83 --- add-return-values-to-backup-scripts.patch | 56 ----------------------- add_readme-tests.patch | 23 ++++------ tar-1.29-extract_pathname_bypass.patch | 35 -------------- tar-1.29.tar.bz2 | 3 -- tar-1.29.tar.bz2.sig | 7 --- tar-1.30.tar.bz2 | 3 ++ tar-1.30.tar.bz2.sig | 7 +++ tar.changes | 19 ++++++++ tar.spec | 25 ++-------- 9 files changed, 42 insertions(+), 136 deletions(-) delete mode 100644 add-return-values-to-backup-scripts.patch delete mode 100644 tar-1.29-extract_pathname_bypass.patch delete mode 100644 tar-1.29.tar.bz2 delete mode 100644 tar-1.29.tar.bz2.sig create mode 100644 tar-1.30.tar.bz2 create mode 100644 tar-1.30.tar.bz2.sig diff --git a/add-return-values-to-backup-scripts.patch b/add-return-values-to-backup-scripts.patch deleted file mode 100644 index d284224..0000000 --- a/add-return-values-to-backup-scripts.patch +++ /dev/null @@ -1,56 +0,0 @@ -From: Alexey Svistunov -Date: 2016-03-23 11:59:33 +0300 -Subject: add return values to the backup scripts for better results monitoring. -References: https://savannah.gnu.org/patch/?8953 -Upstream: submitted - -Index: tar-1.28/scripts/backup.in -=================================================================== ---- tar-1.28.orig/scripts/backup.in -+++ tar-1.28/scripts/backup.in -@@ -153,9 +153,16 @@ message 20 "BACKUP_FILES=$BACKUP_FILES" - # piped through 'tee' to the logfile. Doing this, instead of having - # multiple pipelines all over the place, is cleaner and allows access to - # the exit value from various commands more easily. -+set -o pipefail - ( - message 1 "preparing tapes" - $MT_BEGIN "${TAPE_FILE}" -+ RESULT=$? -+ if [ $RESULT -ne 0 ] ; then -+ echo "Tape is not ready." 1>&2 -+ exit $RESULT -+ fi -+ - rm -f "${VOLNO_FILE}" - - message 1 "processing backup directories" -@@ -245,10 +252,11 @@ message 20 "BACKUP_FILES=$BACKUP_FILES" - $MT_OFFLINE "${TAPE_FILE}" - echo "." - ) 2>&1 | tee -a "${LOGFILE}" -+RESULT=$? - - if test "${ADMINISTRATOR}" != NONE; then - echo "Sending the dump log to ${ADMINISTRATOR}" - mail -s "Results of backup started ${startdate}" ${ADMINISTRATOR} < "${LOGFILE}" - fi -- -+exit $RESULT - # EOF -Index: tar-1.28/scripts/backup.sh.in -=================================================================== ---- tar-1.28.orig/scripts/backup.sh.in -+++ tar-1.28/scripts/backup.sh.in -@@ -311,8 +311,10 @@ backup_host() { - CMD="exec ${TAR_PART1} -f \"${TAPE_FILE}\" $@" - message 10 "CMD: $CMD" - sh -c "$CMD" -- message 10 "RC: $?" -+ RC=$? -+ message 10 "RC: $RC" - fi -+ return $RC - } - - print_level() { diff --git a/add_readme-tests.patch b/add_readme-tests.patch index c9ca222..84fe020 100644 --- a/add_readme-tests.patch +++ b/add_readme-tests.patch @@ -1,13 +1,7 @@ ---- - Makefile.in | 2 +- - README-tests | 22 ++++++++++++++++++++++ - 2 files changed, 23 insertions(+), 1 deletion(-) - -Index: tar-1.28/Makefile.in -=================================================================== ---- tar-1.28.orig/Makefile.in 2014-07-27 21:33:48.000000000 +0100 -+++ tar-1.28/Makefile.in 2014-08-03 00:15:17.000000000 +0100 -@@ -141,7 +141,7 @@ PRE_UNINSTALL = : +diff -ruN a/Makefile.in b/Makefile.in +--- a/Makefile.in 2017-12-22 20:14:53.900579664 -0500 ++++ b/Makefile.in 2017-12-22 20:21:21.363943130 -0500 +@@ -122,7 +122,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @@ -15,11 +9,10 @@ Index: tar-1.28/Makefile.in +DIST_COMMON = $(srcdir)/Make.rules INSTALL NEWS README README-tests AUTHORS \ ChangeLog THANKS $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/configure $(am__configure_deps) \ - $(srcdir)/config.h.in ABOUT-NLS COPYING TODO build-aux/compile \ -Index: tar-1.28/README-tests -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ tar-1.28/README-tests 2014-08-03 00:15:17.000000000 +0100 + $(srcdir)/config.h.in ABOUT-NLS COPYING TODO build-aux/ar-lib \ +diff -ruN a/README-tests b/README-tests +--- a/README-tests 1969-12-31 19:00:00.000000000 -0500 ++++ b/README-tests 2017-12-22 20:21:59.706691355 -0500 @@ -0,0 +1,22 @@ +Subpackage tar-tests +==================== diff --git a/tar-1.29-extract_pathname_bypass.patch b/tar-1.29-extract_pathname_bypass.patch deleted file mode 100644 index 6c5d8d7..0000000 --- a/tar-1.29-extract_pathname_bypass.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001 -From: Paul Eggert -Date: Sat, 29 Oct 2016 21:04:40 -0700 -Subject: When extracting, skip ".." members - -* NEWS: Document this. -* src/extract.c (extract_archive): Skip members whose names -contain "..". ---- - -Index: tar-1.29/src/extract.c -=================================================================== ---- tar-1.29.orig/src/extract.c 2016-01-20 10:26:32.000000000 +0100 -+++ tar-1.29/src/extract.c 2016-12-15 18:11:56.752575954 +0100 -@@ -1629,12 +1629,20 @@ extract_archive (void) - { - char typeflag; - tar_extractor_t fun; -+ bool skip_dotdot_name; - - fatal_exit_hook = extract_finish; - - set_next_block_after (current_header); - -+ skip_dotdot_name = (!absolute_names_option -+ && contains_dot_dot (current_stat_info.orig_file_name)); -+ if (skip_dotdot_name) -+ ERROR ((0, 0, _("%s: Member name contains '..'"), -+ quotearg_colon (current_stat_info.orig_file_name))); -+ - if (!current_stat_info.file_name[0] -+ || skip_dotdot_name - || (interactive_option - && !confirm ("extract", current_stat_info.file_name))) - { diff --git a/tar-1.29.tar.bz2 b/tar-1.29.tar.bz2 deleted file mode 100644 index 39475d2..0000000 --- a/tar-1.29.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:236b11190c0a3a6885bdb8d61424f2b36a5872869aa3f7f695dea4b4843ae2f2 -size 2715993 diff --git a/tar-1.29.tar.bz2.sig b/tar-1.29.tar.bz2.sig deleted file mode 100644 index a541d84..0000000 --- a/tar-1.29.tar.bz2.sig +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.12 (GNU/Linux) - -iEYEABECAAYFAlc6FQcACgkQNgKwf1XQxzI9WgCeIqotzeBo5lOKmZ7pNEYGiehx -geMAnjQKNZlGLWuGZH/NxEbkgsQiN5G/ -=mj1Z ------END PGP SIGNATURE----- diff --git a/tar-1.30.tar.bz2 b/tar-1.30.tar.bz2 new file mode 100644 index 0000000..88f8660 --- /dev/null +++ b/tar-1.30.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:87592b86cb037c554375f5868bdd3cc57748aef38d6cb741c81065f0beac63b7 +size 2858639 diff --git a/tar-1.30.tar.bz2.sig b/tar-1.30.tar.bz2.sig new file mode 100644 index 0000000..bf12ecf --- /dev/null +++ b/tar-1.30.tar.bz2.sig @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.15 (GNU/Linux) + +iEYEABECAAYFAlo2WDAACgkQNgKwf1XQxzJ5dgCff14Rh/AJ7EwFNzP7fij1CBFN +bDsAoKMr0vWfos0xmmd3/9egDryGJLjU +=p7/W +-----END PGP SIGNATURE----- diff --git a/tar.changes b/tar.changes index 511d4a4..02c5a8b 100644 --- a/tar.changes +++ b/tar.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Mon Dec 18 03:45:51 UTC 2017 - avindra@opensuse.org + +- GNU tar 1.30: + * Member names containing '..' components are now skipped when + extracting. + * Report erroneous use of position-sensitive options. + * --numeric-owner now affects private headers too. + * Fixed the --delay-directory-restore option + * The --warnings=failed-read option + * The --warnings=none option now suppresses all warnings + * Fix reporting of hardlink mismatches during compare +- cleanup with spec-cleaner +- switch all urls to https +- drop upstreamed patches + * add-return-values-to-backup-scripts.patch + * tar-1.29-extract_pathname_bypass.patch +- rebase add_readme-tests.patch + ------------------------------------------------------------------- Thu Apr 20 13:58:56 UTC 2017 - kstreitova@suse.com diff --git a/tar.spec b/tar.spec index 67c17b1..b99fc0e 100644 --- a/tar.spec +++ b/tar.spec @@ -1,7 +1,7 @@ # # spec file for package tar # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,14 +19,14 @@ # For correct subpackages docs installation into tar doc directory %global _docdir_fmt %{name} Name: tar -Version: 1.29 +Version: 1.30 Release: 0 Summary: GNU implementation of ((t)ape (ar)chiver) License: GPL-3.0+ Group: Productivity/Archiving/Backup -Url: http://www.gnu.org/software/tar/ -Source0: http://ftp.gnu.org/gnu/tar/%{name}-%{version}.tar.bz2 -Source1: http://ftp.gnu.org/gnu/tar/%{name}-%{version}.tar.bz2.sig +Url: https://www.gnu.org/software/tar/ +Source0: https://ftp.gnu.org/gnu/tar/%{name}-%{version}.tar.bz2 +Source1: https://ftp.gnu.org/gnu/tar/%{name}-%{version}.tar.bz2.sig # http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x3602B07F55D0C732 Source2: %{name}.keyring Patch3: %{name}-wildcards.patch @@ -40,12 +40,6 @@ Patch11: %{name}-ignore_lone_zero_blocks.patch #https://bugzilla.opensuse.org/show_bug.cgi?id=918487 Patch12: %{name}-recursive--files-from.patch Patch20: add_readme-tests.patch -# PATCH-FEATURE-UPSTREAM add-return-values-to-backup-scripts.patch - -# add return values to the backup scripts for better results monitoring. -# https://savannah.gnu.org/patch/?8953 -Patch21: add-return-values-to-backup-scripts.patch -# PATCH-FIX-UPSTREAM bnc#1007188 CVE-2016-6321 kstreitova@suse.com -- fix POINTYFEATHER vulnerability -Patch22: %{name}-1.29-extract_pathname_bypass.patch BuildRequires: automake BuildRequires: libacl-devel BuildRequires: libattr-devel @@ -56,7 +50,6 @@ Recommends: %{name}-rmt = %{version} Recommends: mt Recommends: xz Provides: base:/bin/tar -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description GNU Tar is an archiver program. It is used to create and manipulate files @@ -120,8 +113,6 @@ it may as well access remote devices or files. %patch11 -p1 #%patch12 -p1 %patch20 -p1 -%patch21 -p1 -%patch22 -p1 %build %define my_cflags -W -Wall -Wpointer-arith -Wstrict-prototypes -Wformat-security -Wno-unused-parameter -fPIE @@ -191,7 +182,6 @@ if [ ! -f %{_bindir}/gnurmt ] ; then fi %files backup-scripts -%defattr(-,root, root) %{_sbindir}/backup %{_sbindir}/restore.sh %{_libexecdir}/backup.sh @@ -200,15 +190,12 @@ fi %config(noreplace) %{_sysconfdir}/backup/backup-specs %files lang -f %{name}.lang -%defattr(-,root,root) %files tests -%defattr(-,root, root) %{_localstatedir}/lib/tests %{_docdir}/%{name}/README-tests %files rmt -%defattr(-, root, root) %ghost %{_bindir}/rmt %{_bindir}/gnurmt %ghost %{_mandir}/man1/rmt.1%{ext_man} @@ -217,7 +204,6 @@ fi %ghost %{_sysconfdir}/alternatives/rmt.1%{ext_man} %files doc -%defattr(-, root, root) %{_docdir}/%{name}/NEWS %{_docdir}/%{name}/README %{_docdir}/%{name}/ABOUT-NLS @@ -228,7 +214,6 @@ fi %{_infodir}/%{name}.info* %files -%defattr(-, root, root) #UsrMerge /bin/%{name} #EndUsrMerge